diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..80e907e --- /dev/null +++ b/.gitignore @@ -0,0 +1,20 @@ +# Folder config file +Desktop.ini + +# Recycle Bin used on file shares +$RECYCLE.BIN/ + +# Ignore everything in this directory +.classpath +.settings +.project +*.iml +*.iws +*.ipr +.idea +*.ids +.editorconfig +.gradle + +# Mac crap +.DS_Store diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..ee195c6 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,12 @@ +FROM docker.elastic.co/beats/filebeat:8.2.0 + +# Switch to root user +USER root + +#install jq to the container +RUN apt-get update && apt-get install -y jq + +COPY entrypoint.sh /usr/local/bin/entrypoint.sh +RUN chmod +x /usr/local/bin/entrypoint.sh + +ENTRYPOINT ["/usr/local/bin/entrypoint.sh"] diff --git a/README.md b/README.md index e69de29..bb953b3 100644 --- a/README.md +++ b/README.md @@ -0,0 +1,12 @@ +## Instructions + +1. Pull the filebeat image +```bash +docker pull docker.elastic.co/beats/filebeat:8.2.0 +``` +Note: Change the filebeat image name or tag in Dockerfile related to the pulled version. + +3. Build the Docker image +```bash +docker build -t filebeat:8.2.0-entgra-v1 . +``` diff --git a/entrypoint.sh b/entrypoint.sh new file mode 100644 index 0000000..a13a7ae --- /dev/null +++ b/entrypoint.sh @@ -0,0 +1,36 @@ +#!/bin/bash +set -e + +# Path to the ECS metadata file +METADATA_FILE=$(cat "$ECS_CONTAINER_METADATA_FILE") + +if [ -f "$METADATA_FILE" ]; then + # Extract HostPrivateIPv4Address from the metadata file + HOST_PRIVATE_IP=$(jq -r '.HostPrivateIPv4Address' < "$METADATA_FILE") + if [ "$HOST_PRIVATE_IP" != "null" ]; then + echo "Host Private IP: $HOST_PRIVATE_IP" + export HOST_PRIVATE_IP + + # Define the input template file and output file + TEMPLATE_FILE="filebeat.template.yml" + OUTPUT_FILE="filebeat.yml" + + mkdir -p /opt/filebeat-configs/${HOST_PRIVATE_IP} + + # Replace the placeholder with the actual node name and write to the output file + sed "s/{{HOST_PRIVATE_IP}}/${HOST_PRIVATE_IP}/g" "/opt/filebeat-configs/$TEMPLATE_FILE" > "/opt/filebeat-configs/${HOST_PRIVATE_IP}/$OUTPUT_FILE" + echo "Filebeat configuration file created: $OUTPUT_FILE" + + # Create symlinks + rm -rf /usr/share/filebeat/elk + ln -sf "/opt/logs/${HOST_PRIVATE_IP}/elk" /usr/share/filebeat/elk + ln -sf "/opt/filebeat-configs/${HOST_PRIVATE_IP}/filebeat.yml" /usr/share/filebeat/filebeat.yml + else + echo "HostPrivateIPv4Address not found in metadata file" + fi +else + echo "Metadata file does not exist" +fi + +# Run the original filebeat entrypoint +exec /usr/bin/tini -- /usr/local/bin/docker-entrypoint "$@"